yet another blueimp vulnerability. Move to composer.

2018-10-31 15:56:08 +11:00
parent 70c55da1df
commit 7e1f431eca
67 changed files with 510 additions and 64 deletions
--- a/vendor/blueimp/jquery-file-upload/server/php/Dockerfile
+++ b/vendor/blueimp/jquery-file-upload/server/php/Dockerfile
@@ -0,0 +1,38 @@
+FROM php:7-apache
+
+# Enable the Apache Headers module:
+RUN ln -s /etc/apache2/mods-available/headers.load \
+  /etc/apache2/mods-enabled/headers.load
+
+# Enable the Apache Rewrite module:
+RUN ln -s /etc/apache2/mods-available/rewrite.load \
+  /etc/apache2/mods-enabled/rewrite.load
+
+# Install GD, Imagick and ImageMagick as image conversion options:
+RUN DEBIAN_FRONTEND=noninteractive \
+  apt-get update && apt-get install -y --no-install-recommends \
+    libpng-dev \
+    libjpeg-dev \
+    libmagickwand-dev \
+    imagemagick \
+  && pecl install \
+    imagick \
+  && docker-php-ext-enable \
+    imagick \
+  && docker-php-ext-configure \
+    gd --with-jpeg-dir=/usr/include/ \
+  && docker-php-ext-install \
+    gd \
+  # Uninstall obsolete packages:
+  && apt-get autoremove -y \
+    libpng-dev \
+    libjpeg-dev \
+    libmagickwand-dev \
+  # Remove obsolete files:
+  && apt-get clean \
+  && rm -rf \
+    /tmp/* \
+    /usr/share/doc/* \
+    /var/cache/* \
+    /var/lib/apt/lists/* \
+    /var/tmp/*
--- a/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php
+++ b/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php
--- a/vendor/blueimp/jquery-file-upload/server/php/docker-compose.yml
+++ b/vendor/blueimp/jquery-file-upload/server/php/docker-compose.yml
@@ -0,0 +1,9 @@
+version: '2.3'
+services:
+  apache:
+    build: ./
+    network_mode: bridge
+    ports:
+      - "80:80"
+    volumes:
+      - "../../:/var/www/html"
--- a/vendor/blueimp/jquery-file-upload/server/php/files/.gitignore
+++ b/vendor/blueimp/jquery-file-upload/server/php/files/.gitignore
@@ -0,0 +1,3 @@
+*
+!.gitignore
+!.htaccess
--- a/vendor/blueimp/jquery-file-upload/server/php/files/.htaccess
+++ b/vendor/blueimp/jquery-file-upload/server/php/files/.htaccess
@@ -0,0 +1,26 @@
+# To enable the Headers module, execute the following command and reload Apache:
+# sudo a2enmod headers
+
+# The following directives prevent the execution of script files
+# in the context of the website.
+# They also force the content-type application/octet-stream and
+# force browsers to display a download dialog for non-image files.
+SetHandler default-handler
+ForceType application/octet-stream
+Header set Content-Disposition attachment
+
+# The following unsets the forced type and Content-Disposition headers
+# for known image files:
+<FilesMatch "(?i)\.(gif|jpe?g|png)$">
+	ForceType none
+	Header unset Content-Disposition
+</FilesMatch>
+
+# The following directive prevents browsers from MIME-sniffing the content-type.
+# This is an important complement to the ForceType directive above:
+Header set X-Content-Type-Options nosniff
+
+# Uncomment the following lines to prevent unauthorized download of files:
+#AuthName "Authorization required"
+#AuthType Basic
+#require valid-user
--- a/vendor/blueimp/jquery-file-upload/server/php/index.php
+++ b/vendor/blueimp/jquery-file-upload/server/php/index.php
@@ -0,0 +1,15 @@
+<?php
+/*
+ * jQuery File Upload Plugin PHP Example
+ * https://github.com/blueimp/jQuery-File-Upload
+ *
+ * Copyright 2010, Sebastian Tschan
+ * https://blueimp.net
+ *
+ * Licensed under the MIT license:
+ * https://opensource.org/licenses/MIT
+ */
+exit;
+error_reporting(E_ALL | E_STRICT);
+require('UploadHandler.php');
+$upload_handler = new UploadHandler();